3 min.
Earn the consent and trust of your users
1L’art de la gestion de projet2Un projet à succès commence par une bonne gouvernance3Cascade, agilité, demandes de changement?

Earn the consent and trust of your users


The collection of personal data is a perennial issue, one that often takes the form of a balancing act between irreconcilable perceptions and appearances.

From the individual’s point of view, data is valuable and sensitive information that falls within the bounds of personal privacy, while from a business standpoint, it’s essential for getting to know users and their needs.

Furthermore, today these data are becoming more and more valuable and can practically be traded as currency. In 2022, companies are responsible for controlling all communications related to the collection, storage and use of these data in a proactive way, through transparency and simplicity. What’s more, guaranteeing the data is secure has become essential.

Provincial, federal and international laws have now strengthened personal data protection on the web. The well-trained eye already knows how to recognize the GDPR acronym in an article such as this one, since these now-infamous regulations go beyond their jurisdiction’s borders (the European Union).

In terms of legislation, Quebec is following suit with Bill 64, adopted a few months ago. It will come into effect in two phases, the first in September 2022 and the second in September 2023. Time is running out—the countdown to enforcement has already begun!

However, beyond simple legal conformity with primary data collection from users (whether customers or not), all organizations interested in participating in this activity must ask themselves two primary questions: Will using this data benefit my users? And: Am I about to solidify their trust, or lose it?

In the following article, I’ll help you answer the above and optimize your practices.


Having your cake and eating it too

In recent years, we’ve heard the horror stories from a number of companies who have lost control of their customers’ sensitive data. The immediate victims are the end users whose information was lost (possibly forever).

But to whom do these data belong? To those individuals, of course—they only lent them to these companies for the purposes of doing business with them. They lend their data in order to receive the best possible service.

Users would like to have the most personalized experience possible, while refusing to have their personal information shared in order to ensure their privacy is adequately protected. Some would say this is paradoxical, but in my opinion there is an equilibrium, despite being fragile and hard to find.

I believe, as part of the moral contract between a company and its users, there should be a limit on the collection and use of personal data. This limit should be clear and changeable depending on users’ preferences.


New browsers protect their users’ data

A few years ago, it was easy to learn information about visitors to your website in order to segment them and address advertising messages to their inbox that matched their profile. It was even possible to purchase information about prospects, also known as users a company has not yet had contact with.

It was a very practical way of working, thanks to the abundance of third-party cookies managed by DMPs and bought through ad exchanges. But there was an underlying problem: Users didn’t really know their identifiers were being monetized and that they were the ones who would ultimately pay the price. We’re not talking here about personal identifying information (PII), which could be read and known by anyone (an email address, street address, phone number, name, etc.), but rather pseudonymous personal data, such as a cookie identifier, which were known by certain players and could be sold to the highest bidder. We’re talking notably about giants like Facebook and Google, who cover most of the worldwide advertising market in 2022, with a 24.5 percent and 28 percent share respectively (source: eMarketer March 2021).

That was until Apple, their gentler Silicon Valley neighbour who had no stake in this particular industry, decided to spoil the party by delivering new versions of its Safari browser that were expressly created to protect this type of data.

Have you seen this logo in Apple’s TV ads?

To give you the short version of the story, third-party cookies don’t exist on Safari anymore, and primary cookies are strictly limited. Firefox as well as other less-popular browsers (Opera, Brave, etc.) followed the trend. Finally, in 2020, Google Chrome announced that third-party cookies would disappear completely in 2022… Um, no wait! In 2023.

In order to close the informational gap, companies that wanted to learn more about their users now had to explicitly ask their users to identify themselves in order to collect personal identifying information (PII).


The Privacy Paradox

It’s been proven that individuals do not act rationally when it comes to protecting their personal data. This is known as the privacy paradox, or the gulf between users’ intentions to protect their privacy (their attitude) and their actions online, which runs against their intention (their behaviour). This gap partly explains why certain behaviours are both unforeseeable and sometimes seem illogical.

Let’s take two examples. To protect their privacy, user X refuses to accept advertising cookies on their computer’s browser, but later accepts them on another device in order to more quickly access the content they’re looking for. User Y, meantime, systematically refuses cookie data collection, but has no issues with providing personally identifying information (which is more valuable) to get a service or transitory value (such as sending a postal code to geolocate the closest business or sending an email address to get a 10% off discount).

This paradox is an inherent bias in how people think—a bias that could only harm themselves, since this info could be exploited by a third party to obtain information against their will. That’s why this is a subject of study within the field of neuroscience.


A priority for 2022

Is consent a buzzword at your company? If it isn’t yet, it likely will be by the end of 2022.

During the collection of data belonging to users, a company is morally—and soon legally (via the GDPR, CCPA, PIPEDA, and the Loi sur la protection des renseignements personnels dans le secteur privé au Québec)—obligated to ask for permission, which means obtaining their explicit consent by explaining the uses to which their data will be applied, whether that will consequently be for the goal of identifyinglocating or profiling. We won’t get into more detail on these laws, but they will serve as guidelines for the purposes of this article.

Also, to get deeper into the issue, we suggest you contact your legal department or lawyers specializing in this area.


Managing consent

There are technologies that facilitate the management of consent for cookie collection, the most well-known provider being OneTrust and its Consent Management Platform (CMP). However, we believe consent systems should be more global and cover both pseudonymous data (cookies) and personally identifying data (PII), with a clear explanation of the value to be received in exchange for consent and, therefore, collection.

How can a new user completely trust you by sharing their data when they don’t even know you yet? How can they measure the impact of a personalized experience they haven’t had yet?

Keeping this in mind, it’s obvious that to obtain true consent from a user, one can’t simply content oneself with displaying a warning message on screen upon their first visit to your site, which is often what you see on the web. Consent needs to evolve over the course of the user journey with your brand and it needs to be updated through channels other than the OneTrust pop-up.

Example: PCworld.com in the U.S.


Permission-based marketing

The term “permission marketing” was introduced in 1999 by Seth Godin in his book Permission Marketing: Turning Strangers Into Friends and Friends Into Customers. This unusual term may take off in the coming years as we seek to endow users with full power.

Demonstrating transparency and returning control over data to users is profitable for both users and companies. It very often leads to increased trust towards the brand, and this stronger relationship can eventually encourage users to share more of their data.

This is therefore the first tactic that should be put in place.

Next, we recommend increasing your transparency to 100 percent by explaining simply and clearly what the benefits are brought by the use of personal data for both the company and for users. There are correlations between the diversity of collected data and the level of service and personalization of the customer experience—these need to be made explicit to counteract the Privacy Paradox, mentioned earlier in this article.

Finally, use your CDP (Consumer Data Platform) to store your users’ preferences regarding data-sharing. This will enable you to conduct good ad campaigns and personalization across all channels for users that are recognized (PII identifiers) or unrecognized (pseudonymous identifiers). In addition to respecting commitments to customers, your company will see its first-party data assets strengthened.

CDPs are a technology of the future that promotes and drives operations focused on users in a cross-sectional way, particularly for marketing, BI, sales and customer services. The different levels of consent are stored in CDPs and will enable your data scientists to better understand the psychographic profile of users, which may be receptive, suspicious or even ardent defenders of their privacy.

Have any questions or need professional guidance in order to meet new challenges or adapt to recent changes in the industry?

Our team of specialists will be happy to lend a hand, to help you make 2022 a productive year that drives your business to whole new heights!